Microsoft Defender for Identity now detects PrintNightmare attacks (July 2021)

Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers' attempts to abuse this critical vulnerability.
As revealed by Microsoft program manager Daniel Naim, Defender for Identity now identifies Windows Print Spooler service exploitation and helps block lateral movement attempts within an org's network.
Microsoft Defender for Identity is a cloud-based security solution that leverages on-premises Active Directory signals.
Defender for Identity is bundled with Microsoft 365 E5 but, if you don't have a subscription already, you can get a Security E5 trial right now to give this new feature a spin.
Last week, Microsoft clarified the PrintNightmare patch guidance and shared the steps needed to correctly patch the critical vulnerability after several security researchers tagged the patches issued to address the bug as incomplete.
Until a CVE-2021-34481 patch is available, Microsoft advises admins to disable the Print Spooler service on Windows devices exposed to attacks.
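The mitigation above, as an added PowerShell example that is not part of the original article: it reports the Print Spooler state and, with `-Disable`, stops the service and sets its startup type to Disabled. The function name `Set-SpoolerMitigation` and the `Exposed` field are hypothetical names chosen for this example.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# Set-SpoolerMitigation and the Exposed field are hypothetical names.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Disable   # without this switch the function only reports
    )

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning 'Spooler service not present on this host.'
        return
    }

    # -WhatIf / -Confirm are honoured through ShouldProcess.
    if ($Disable -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name Spooler -Force
        }
        # Disabled startup type keeps the service from starting again at boot.
        Set-Service -Name Spooler -StartupType Disabled
        $svc = Get-Service -Name Spooler   # re-read state after the change
    }

    # StartType is available on the service object in Windows PowerShell 5.0 and later.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = $svc.Status
        StartType = $svc.StartType
        # Still exposed if the service runs now or could be started again.
        Exposed   = ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')
    }
}

Set-SpoolerMitigation                      # report only
# Set-SpoolerMitigation -Disable -WhatIf   # preview the change
# Set-SpoolerMitigation -Disable           # apply the mitigation
```

Disabling the Print Spooler service stops both local and remote printing on that device, so apply it first where printing is not needed.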
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-16 | CVE-2021-34481 | Improper Privilege Management vulnerability in Microsoft products. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |